Category: Security & Privacy

  • Identity Authentication as a Service

    Cloud is a solution for everything. Databases, Message-Queues, Storage, Loadbalancing, everything. You’ll leverage somebody else’s Computer to run your workload, you’ll store data to help your business scale. Even Identity Authentication as a Service is a thing. Well, until the remote provider gets hacked. This is in particular bad if the provider offers authentication and […]

  • Apple hits Facebook

    Facebook complains how Apple’s approach to privacy in iOS will have a substantial impact to their revenue. Following their own statement the impact will be as high as $10 billion for the current year. Facebook’s business model is widely perceived as being based on violating privacy. Apple’s privacy feature disrupts the behind-the-scenes mechanics of many […]

  • Datenreichtum

    Datenreichtum bei Flexbooker, 3.7 Millionen Benutzer betroffen.

  • Elektronisches Bürger- und Organisationenpostfach

    Nach “DeMail” mit privaten Anbietern: Das elektronische Bürger- und Organisationenpostfach (eBO) soll ab dem 1. Januar 2022 als weiterer „sicherer Übermittlungsweg“ für elektronischen Rechtsverkehr starten.

  • #log4J Log4Shell RCE 0-day exploit

    If you develop software in Java, you are probably affected. Log4J is a really popular package to deal with logging. In a nutshell, if an attacker manages to log a specific, crafted string, the library will load code from a random, remote host. Affected are all versions between 2.0 and 2.14.1. Given how ubiquitous this […]

  • Datenschutz im Pixi-Format

    Datenschutz im Pixi-Format

    Was ist Datenschutz und warum ist Privatsphäre wichtig? Manchmal ist das ja Erwachsenen schon schwer zu erklären. Daher hat der Bundesbeauftragte für Datenschutz und Informationsfreiheit, Prof. Ulrich Kelber das einmal in einem leicht zu konsumierenden Format aufbereiten lassen.

  • Google sponsors secure open source software

    Google has announced today a $1 million sponsorship for a new pilot program aimed at enhancing the security of critical open source software projects. Source: Google offers $1 million sponsorship to secure open source software – The Record by Recorded Future

  • Akamai acquires Guardicore

    Akamai is still pushing it’s cybersecurity capabilities. Today the company acquired Israel based cybersecurity firm Guardicore for $600 million, reports ZDNet. Guardicore’s zero-trust solutions brought it to the attention of the CDN. Source: ZDNet

  • “Secret” Agent Exposes Azure Customers To RCE

    This week, again Azure makes the news with cloud security issues. Following the linked article, Microsoft secretly installed a “management agent” on customer VMs. As if the act itself was not severe enough, the agent is reachable from the network. Source: “Secret” Agent Exposes Azure Customers To Unauthorized Code Execution | Wiz Blog And, if […]

  • cloud based CI/CD issues – travis-ci

    Travis-CI published a security bulletin the other day, describing a special condition that would allow to access secrets belonging to a foreign repository in Github or Bitbucket. The condition requires a fork from a public repository. That’s how open source work, and very central functionality. Not a corner case. Turns out, the cloud service did […]